Here’s an overview of some of last week’s most interesting news and articles:
Shadow IT accounts with weak passwords endanger organizations
63% of enterprise professionals have created at least one account without their IT department being aware of it, and two-thirds of those have created two or more, the results of a recent 1Password survey have revealed.
12,000+ Jenkins servers can be exploited to launch, amplify DDoS attacks
A vulnerability (CVE-2020-2100) in 12,000+ internet-facing Jenkins servers can be abused to mount and amplify reflective DDoS attacks against internet hosts, Radware researchers have discovered.
(IN)SECURE Magazine issue 65 released
(IN)SECURE Magazine is a free digital security publication discussing some of the hottest information security topics. Issue 65 has been released today. It’s a free download, no registration required.
Offensive Security releases major update to its Penetration Testing with Kali Linux training course
The new course doubles the amount of content available to train students the skills and mindset required to be a successful security professional and prepare for the Offensive Security Certified Professional (OSCP) certification.
The 25 most impersonated brands in phishing attacks
PayPal remains the top brand impersonated in phishing attacks for the second quarter in a row, with Facebook taking the #2 spot and Microsoft coming in third, according to Vade Secure.
43% of IT professionals are still tracking assets in spreadsheets
Further, 56% currently do not manage the entire asset lifecycle, risking redundant assets, potentially creating a risk, and causing unnecessary and costly purchases.
Ransomware uses vulnerable, signed driver to disable endpoint security
Ransomware-wielding attackers have devised a novel tactic for disabling security protections that might get in their way: they are using a deprecated, vulnerable but signed driver to deliver a malicious, unsigned one that allows them to kill processes and files belonging to Windows endpoint security products.
What the government infosec landscape will look this year
Following the worldwide controversy over hacking that influenced the 2016 presidential election and the many widely publicized privacy and security incidents that have taken place since, we believe the government information security sphere is the stage upon which we’ll see two major security developments play out in 2020.
February 2020 Patch Tuesday: Microsoft fixes 99 vulnerabilities, Adobe 42
Microsoft has released fixes for 99 vulnerabilities – 12 critical, one of which is being exploited in the wild – and Adobe 42, most of which are critical and none actively exploited.
Half of cybercrime losses in 2019 were the result of BEC scams
Business email compromise (BEC) and email account compromise (EAC) scams are still the most lucrative schemes for cybercriminals: the FBI’s Internet Crime Complaint Center (IC3) has calculated that, in 2019, the average monetary loss per BEC/EAC scam complaint reached $75,000.
The frequency of DDoS attacks depends on the day and time
Multivector and cloud computing attacks have been rising over the last twelve months, according to Link11. The share of multivector attacks – which target and misuse several protocols – grew significantly from 46% in the first quarter to 65% in the fourth quarter.
5 tips for acquiring cyber talent in 2020
Cybersecurity is facing a recruitment crisis. There are currently 2.8 million professionals working in the field – far from sufficient given the ever-expanding cyber threat landscape. To meet the market’s true needs, ISC2 believes the cybersecurity workforce will need to more than double.
Study: The Blind Spots of Email Security
Increased use of automation allows attackers to create many ‘mutations’ for each malware or malicious file, potentially inundating email security products with new unknown threats. Could this explain the shortcoming of email security products? To answer this question BitDam conducted a study to measure their ability to detect unknown threats at first encounter.
Mac threats are growing faster than their Windows counterparts
Mac threats growing faster than their Windows counterparts for the first time ever, with nearly twice as many Mac threats detected per endpoint as Windows threats, according to Malwarebytes.
The future of DNS security: From extremes to a new equilibrium
In anticipation of his keynote at HITB Security Conference 2020 in Amsterdam, we talked to internet pioneer Dr. Paul Vixie, Farsight Security Chairman and CEO.
Cybersecurity is a board level issue: 3 CISOs tell why
As a venture capital investor who was previously a Chief Information Security Officer, I have noticed an interesting phenomenon: although cybersecurity makes the news often and is top of mind for consumers and business customers, it doesn’t always get the attention it deserves by the board of directors.
Emotet: Crimeware you need to be aware of
According to the U.S. Department of Homeland Security, Emotet continues to be among the most costly and destructive malware threats affecting state, local, and territorial governments and its impact is felt across both the private and public sectors.
eBook: 8 Real World Use Cases for SOAR
Download this 11-page e-book with eight real-world use cases to see how security orchestration, automation and response (SOAR) can improve your team’s productivity and efficiency by automating security operations workflows.
New infosec products of the week: February 14, 2020
A rundown of the most important infosec products released last week.